<?php
include_once( "common.php" );
checkLogin( STATUS_ADMIN );

# Add a new user
if ( trim( $_POST["user"] ) != "" and trim( $_POST["password"] != "" ) )
{
    # Hash password
    $_POST["password"] = md5( $_POST["password"] );

    # Come up with a new feed URL
    $taken = true;

    while ( $taken )
    {
        $url = md5( rand( 0, 10000000 ) );

        if ( db_num_rows( db_query( "SELECT User.feed FROM User WHERE User.feed = \"{$url}\"" ) ) > 0 )
            $taken = true;
        else
            $taken = false;
    }

    $_POST["user"] = addslashes( $_POST["user"] );
    db_query( "INSERT INTO User VALUES( NULL, '{$_POST["user"]}', '{$_POST["password"]}', 0, '{$url}', 0, NOW() )" ) or outputAlert( "Database error", "A database error occurred and the user was not added." );
}

# Add a new project
if ( trim( $_POST["project"] ) != "" )
{
    $_POST["project"] = addslashes( $_POST["project"] );
    db_query( "INSERT INTO Project VALUES( NULL, '{$_POST["project"]}' )" ) or outputAlert( "Database error", "A database error occurred and the project was not added." );
}

header( "Location: admin.php" );
?>
